what about someone ports all exploits from Milw0rm over to metasploit?

[hattrickinc at gmail.com (Nicholas Harvey)]

Plus.. I was always taught that they don't compile on purpose- to weed  
out the noobs?

Sent from my hacked iPhone

On Mar 7, 2009, at 12:08 AM, H D Moore <hdm at metasploit.com> wrote:

> On Sat, 2009-03-07 at 13:48 +1000, Professor 0110 wrote:
> > I just had an idea that maybe Metasploit could have a dedicated team
> > that ports all the exploits from Milw0rm over to the Metasploit
> > Platform. That way, Metasploit can become a "fully functional"  
> > exploit
> > platform and the ULTIMATE Penetration Testing/Hacking tool. I say  
> > this
> > because a lot of the C/Perl exploits from Milw0rm don't compile in
> > their default state.
>
> Many of these exploits and proof of concepts require quite a bit of  
> work
> to port. For example, Every metasploit module contains information  
> about
> the maximum payload size, the restricted characters, and often
> target-specific information for a wide range of versions. To port a
> proof of concept, you essentially have to rewrite the code from  
> scratch
> and do the work that the PoC author didn't bother with. Without  
> knowing
> the payload size, the restricted characters, and the return time,  
> these
> become time intensive to convert. This doesn't take into account the
> difficulty in finding copies of the original, vulnerable software.
>
> I would love to port as many as possible, but its usually only worth  
> the
> effort for important/wide-spread vulnerabilities.
>
> -HD
>
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework